- From: Aleecia M. McDonald <aleecia@aleecia.com>
- Date: Wed, 12 Oct 2011 14:53:21 -0700
- To: public-tracking@w3.org
On Oct 12, 2011, at 12:36 PM, Roy T. Fielding wrote: > On Sep 21, 2011, at 11:34 AM, Tracking Protection Working Group Issue Tracker wrote: > >> ISSUE-5: What is the definition of tracking? >> >> http://www.w3.org/2011/tracking-protection/track/issues/5 > > Please address this issue first. I have added a description: One of the reasons we did not open with "what is tracking" is we could easily spend until July just on that. I understand the desire to get definitions done (tracking, first-party, etc.) and they are certainly important, but we can usefully move forward with concrete examples as we work toward the strawman documents. I do not want to make other discussions dependent on this one. That said, starting to get into the different views here can be helpful, and I was not happy with how I tried to record it in issue-89 (Does DNT mean at a high level: (a) no customization, users are seen for the first time, every time. (b) DNT is about data moving between sites). > The word "tracking" is central to all of the definitions and > mechanisms being defined by this working group. > Some people think "tracking" means following all of the user's > actions, which would include first-party click-stream data collection. > Other people think that "tracking" means following a user from > one site to another (differently branded) site, which would > exclude first-party data collection that isn't shared with > third-parties. Which is it? So we are summarizing the second case of site-to-site similarly enough that I think you and I, at least, are talking about the same thing. And I think Jonathan Mayer has been the most articulate proponent of this view, with several others in basic agreement with him. I am not convinced either Roy or I have the first case quite solid yet, perhaps because we have each phrased this as more absolute than what people think. It would be very good if people who think there is more to tracking than just data moving between sites could please chime in with a lucid explanation of what they mean. What I did hear as a very interesting use case came from Jules Polonetsky on the 5 October call. I believe his point was that even without site-to-site data movement, a first party can get down to neighborhood-level identification of a user (techniques include geoIP or Cisco sells hardware to do so). First party sites could also enhance the data they have about users with off-line data as well, which is not necessarily a site-to-site data transfer. (Also of note: there are no browser-based tools that would protect against these uses cases. TOR is lovely, but not general purpose.) We also have ISSUE-91from the call today (Might want prohibitions on first parties re-selling data to get around the intent of DNT). To come back to our initial success criteria in Boston, on the one hand we had ease of implementation. Clearly, if we limited DNT to just being about data transfer between sites, this is substantially lower cost to implement. That is really important. We also had another criterion that DNT has to work for users. That argues for DNT covering more than just site-to-site transfers. If a strictly-first-party can display an ad based on registration information and geoIP saying, "Welcome back, Julia from the New York Times! It's been 2 hours since you last visited this site. Let me tell you about the bake sale at the elementary school in your neighborhood," then I strongly believe user expectations for DNT are going to be violated in a non-trivial way. And if users think DNT does not work, we have a problem. Where I am struggling is to articulate just exactly what "more than just site-to-site" means, and I have not heard anyone in the group give a clear view there. Anyone able to do so? For example, Amazon's recommendations of other things to buy. Tracking, or not? Where are the edges? Is there one set of views here, or several? > Every time I look back at the IRC or meeting minutes, I see half > the people assuming one or the other, and it is making it very > hard to understand each other's opinions. A fair point. Let us at least know where we are disagreeing. Aleecia
Received on Wednesday, 12 October 2011 21:53:45 UTC